Hugging Face's logo

Hironabe333
/
gguf-array-elem-type-abort-poc

GGUF
Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

GGUF KV Array Element Type Out-of-Range β€” Native Loader Abort

Finding

A malformed GGUF file with an out-of-range inner_elem_type value inside a KV array (GGUF_TYPE_ARRAY = 9) causes the native loader (gguf_init_from_file) to abort unconditionally via assertion failure (SIGABRT, exit -6 / 134).

The assertion 0 <= type && type < GGUF_TYPE_COUNT fires before any element is processed, regardless of the declared array count. Valid GGUF_TYPE values are 0–12 (GGUF_TYPE_COUNT = 13); any value β‰₯ 13 triggers the abort.

Crash site: gguf_init_from_file+0x7c0 Tested with: llama-cpp-python (llama.cpp wheel)

Distinctness

Root Field Crash offset
ROUND_AI377 (prior, submitted) KV entry outer type +0x3d8
ROUND_AI381 (prior, submitted) Tensor info type +0xfac
This finding KV array elem type +0x7c0

PoC Files

Six GGUF files in two sets:

File elem_type count Role
arr_baseline.gguf 6 (F32) 0 Baseline
arr_mutant_0xff.gguf 255 0 Mutant (OOB)
arr_mutant_13.gguf 13 0 Mutant (=GGUF_TYPE_COUNT)
arr_len1_baseline.gguf 6 (F32) 1 Baseline
arr_len1_mutant_0xff.gguf 255 1 Mutant (OOB)
arr_len1_mutant_13.gguf 13 1 Mutant (=GGUF_TYPE_COUNT)

Mutation field: bytes 48–51 (uint32 LE, inner_elem_type inside the ARRAY KV value)

Observed Behavior

  • C native loader: SIGABRT for all 4 mutants (12/12 runs). Assertion fires before element iteration, independent of array_count.
  • Python gguf reader (len0): Accepts mutants β€” range(0) loop never calls GGUFValueType(elem_type), so the invalid value is not validated.
  • Python gguf reader (len1): Rejects mutants with ValueError β€” GGUFValueType(255) raises on first element.

The security-relevant issue is the native loader abort path: an invalid inner_elem_type value unconditionally aborts the loading process regardless of array count.

Reproduction 

pip install llama-cpp-python gguf
python reproduce.py

Expected output summary: PASS β€” 12/12 SIGABRT confirmed

python inspect_artifacts.py

Verifies SHA256 hashes and prints byte-level layout of mutation field.

Evidence Files

File Contents
runtime_results.json Unified run table (12/12 SIGABRT)
hash_matrix.json SHA256 + layout for all 6 PoC files
source_mapping_array_elem_type.json GGUF_TYPE enum + binary confirmation
distinctness_matrix.json 7-dimension comparison vs prior roots

SHA256

See SHA256SUMS.txt.

Downloads last month
-
GGUF
Model size
0 params
Architecture
Hardware compatibility
Log In to add your hardware

We're not able to determine the quantization variants.

View all variants
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support